From: Rick Macklem
To: John Baldwin, "freebsd-current@FreeBSD.org"
Subject: Re: RFC: merging nfs-over-tls changes into head/sys
Date: Fri, 22 May 2020 22:16:51 +0000

John Baldwin wrote:
>On 5/21/20 2:01 PM, Rick Macklem wrote:
>> Hi,
>>
>> I have now completed changes to the code in projects/nfs-over-tls, which
>> implements TLS encryption of NFS RPC messages. (This roughly conforms
>> to the internet draft "Towards Remote Procedure Call Encryption By Default",
>> which should soon become an RFC. For now, TLS1.2 is used instead of TLS1.3,
>> since FreeBSD's KERN_TLS does not yet implement TLS1.3.)
>>
>> I'd like to start merging some of the kernel changes into head/sys.
>>
>> The first of these would be creation of the syscall used by the daemons.
>> (The code in projects/nfs-over-tls cheats and uses the syscall for the gssd,
>> but it needs to have its own syscall so that the gssd daemon can run concurrently
>> with it. I didn't want testers to need to build userland just to get a syscall stub
>> in libc.)
>>
>> After this, there are a bunch of changes to the NFS code to add support for
>> ext_pgs mbufs (these are significant patches, but should not affect the
>> non-ext_pgs mbuf case, since they'll be conditional on ND_EXTPGS/M_EXTPGS).
>>
>> Does this sound ok to do?
>>
>> Please let me know if you see problems with me doing this?
>
>I don't see any problems, per se, but I still need to do some changes on my
>end for software KTLS RX before it's ready to merge (I'm hoping to kill
>the iovecs in the kthreads entirely).
Sure. My plan is to merge bits and pieces, because some of it involves parts
of the system like mount exports or changes to soreceive_generic(),
that will require reviews.

To be honest, most of the changes are not specifically nfs-over-tls (or
krpc-over-tls, although NFS is currently the only consumer).
They are things like generating ext_pgs mbuf lists (which can be used for
non-TLS connections, although I'm not sure they are useful for other cases?)
or a better way of handling the krpc client side receive.

I think it will be quite a while before all the kernel bits are in head, but having
the syscall in head (mainly the syscall stub in libc) will make it easier for
testers to set systems up. They may not be FreeBSD types.

No rush on the TLS changes from my perspective. (It would be nice to get
the kernel bits in FreeBSD13. The userland stuff could probably become a
package/port, I think?

Thanks yet again, for your help with this, rick


--
John Baldwin